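<?xml version="1.0" encoding="UTF-8"?>
<!--
    Shibboleth SP attribute-map schema: describes the configuration document that
    maps incoming SAML attributes and GSS-API naming attributes onto the SP's
    internal attribute IDs.

    Reviewer notes:
    * The mapped values come from the asserting party, so the map decides which
      externally supplied data reaches applications. Treat edits to a map as
      security-relevant changes.
    * Several parts of this schema are deliberately open (see PluggableType), so
      schema validity alone does not show that a configuration is safe.
-->
<schema targetNamespace="urn:mace:shibboleth:2.0:attribute-map"
        xmlns="http://www.w3.org/2001/XMLSchema"
        xmlns:am="urn:mace:shibboleth:2.0:attribute-map"
        xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
        elementFormDefault="qualified"
        version="2.5">

    <!-- The XML Signature schema is referenced by a relative path, i.e. a copy
         stored next to this file; validators should resolve it locally. -->
    <import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd" />

    <annotation>
        <documentation>
            This schema maps SAML attributes into Shibboleth internal attributes.
        </documentation>
    </annotation>

    <!-- am:string and am:anyURI live in the target namespace and only add a
         "must not be empty" rule to the XML Schema built-ins of the same name.
         The unprefixed base="string" / base="anyURI" below resolve to the
         built-ins because the default namespace is XML Schema. -->
    <simpleType name="string">
        <restriction base="string">
            <minLength value="1"/>
        </restriction>
    </simpleType>

    <simpleType name="anyURI">
        <restriction base="anyURI">
            <minLength value="1"/>
        </restriction>
    </simpleType>

    <!-- Whitespace-separated list whose items are non-empty strings. -->
    <simpleType name="listOfStrings">
        <list itemType="am:string"/>
    </simpleType>

    <!-- Open content model for plugin configuration. Only the "type" attribute is
         required; child elements and further attributes from any namespace are
         accepted, and with processContents="lax" they are validated only when a
         declaration for them happens to be available. This schema therefore does
         not constrain plugin settings: the plugin selected by "type" has to
         check its own configuration. -->
    <complexType name="PluggableType">
        <sequence>
            <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
        </sequence>
        <attribute name="type" type="am:string" use="required"/>
        <anyAttribute namespace="##any" processContents="lax"/>
    </complexType>

    <element name="GSSAPI" type="base64Binary">
        <annotation>
            <documentation>A wrapper element for GSS-API contexts.</documentation>
        </annotation>
    </element>

    <!-- Root of an attribute map. Child order is fixed by the sequence: the
         optional MetadataProvider, TrustEngine and AttributeFilter plugins, then
         one or more Attribute / GSSAPIAttribute rules, then an optional
         ds:Signature.
         NOTE(review): the signature is optional here (minOccurs="0"), so an
         unsigned map is schema-valid. Whether a signature is required and how it
         is verified is decided by the consumer and is not visible in this file. -->
    <element name="Attributes">
        <annotation>
            <documentation>The set of SAML or GSS-API attribute mappings.</documentation>
        </annotation>
        <complexType>
            <sequence>
                <element name="MetadataProvider" type="am:PluggableType" minOccurs="0"/>
                <element name="TrustEngine" type="am:PluggableType" minOccurs="0"/>
                <element name="AttributeFilter" type="am:PluggableType" minOccurs="0"/>
                <choice maxOccurs="unbounded">
                    <element name="Attribute" type="am:AttributeType"/>
                    <element name="GSSAPIAttribute" type="am:GSSAPIAttributeType"/>
                </choice>
                <element ref="ds:Signature" minOccurs="0"/>
            </sequence>
            <attribute name="metadataPolicyId" type="am:string"/>
        </complexType>
    </element>

    <!-- One mapping rule for a SAML attribute. The optional AttributeDecoder
         child is declared with an abstract type, so an instance has to select a
         concrete decoder with xsi:type. -->
    <complexType name="AttributeType">
        <annotation>
            <documentation>Rule for mapping a SAML attribute to an internal attribute.</documentation>
        </annotation>
        <sequence>
            <element name="AttributeDecoder" type="am:AttributeDecoderType" minOccurs="0"/>
        </sequence>
        <attribute name="id" type="am:string" use="required">
            <annotation>
                <documentation>The internal attribute ID to which this SAML attribute maps.</documentation>
            </annotation>
        </attribute>
        <attribute name="aliases" type="am:listOfStrings">
            <annotation>
                <documentation>Optional aliases for the internal attribute to which this SAML attribute maps.</documentation>
            </annotation>
        </attribute>
        <attribute name="name" type="am:string" use="required">
            <annotation>
                <documentation>The SAML 1 AttributeName or SAML 2 Name of the attribute.</documentation>
            </annotation>
        </attribute>
        <attribute name="nameFormat" type="am:string">
            <annotation>
                <documentation>The SAML 1 Namespace or SAML 2 NameFormat of the attribute.</documentation>
            </annotation>
        </attribute>
        <attribute name="isRequested" type="boolean">
            <annotation>
                <documentation>Marks an attribute as requested by the service.</documentation>
            </annotation>
        </attribute>
        <attribute name="isRequired" type="boolean">
            <annotation>
                <documentation>Marks an attribute as required by the service.</documentation>
            </annotation>
        </attribute>
    </complexType>

    <!-- One mapping rule for a GSS-API naming attribute. Unlike AttributeType it
         has no decoder child and no nameFormat. -->
    <complexType name="GSSAPIAttributeType">
        <annotation>
            <documentation>Rule for mapping a GSS-API naming attribute to an internal attribute.</documentation>
        </annotation>
        <attribute name="id" type="am:string" use="required">
            <annotation>
                <documentation>The internal attribute ID to which this GSS-API naming attribute maps.</documentation>
            </annotation>
        </attribute>
        <attribute name="aliases" type="am:listOfStrings">
            <annotation>
                <documentation>Optional aliases for the internal attribute to which this GSS-API naming attribute maps.</documentation>
            </annotation>
        </attribute>
        <attribute name="name" type="am:string" use="required">
            <annotation>
                <documentation>The name of the GSS-API naming attribute.</documentation>
            </annotation>
        </attribute>
        <!-- No default is declared for "authenticated", so the behaviour when it is
             omitted is set by the implementation. Rules that must only accept
             authenticated naming attributes should set it explicitly. -->
        <attribute name="authenticated" type="boolean">
            <annotation>
                <documentation>If true, only an authenticated GSS-API naming attribute will be mapped.</documentation>
            </annotation>
        </attribute>
        <attribute name="scopeDelimiter" type="am:string">
            <annotation>
                <documentation>
                    The character(s) used to delimit the scoped information from the scope.
                </documentation>
            </annotation>
        </attribute>
    </complexType>

    <!-- Abstract base of all decoders: it cannot appear directly in an instance,
         a concrete derived type must be chosen with xsi:type. None of the
         attributes below declares a default, so omitted values fall back to
         whatever the implementation chooses. -->
    <complexType name="AttributeDecoderType" abstract="true">
        <annotation>
            <documentation>
                Decodes a SAML attribute into its Shibboleth-internal representation.
            </documentation>
        </annotation>
        <attribute name="caseSensitive" type="boolean">
            <annotation>
                <documentation>
                    Flag controlling case sensitivity when comparisons to the attribute's values are done.
                </documentation>
            </annotation>
        </attribute>
        <!-- NOTE(review): presumably "true" keeps the attribute out of the CGI
             export; confirm against the SP documentation before relying on it to
             hide a value from applications. -->
        <attribute name="internal" type="boolean">
            <annotation>
                <documentation>Flag controlling whether the resulting attribute should be exported for CGI use.</documentation>
            </annotation>
        </attribute>
        <!-- Typed as any non-empty string: this schema does not limit which
             algorithms may be named, so avoiding weak digests is a deployment
             decision, not something validation enforces. -->
        <attribute name="hashAlg" type="am:string">
            <annotation>
                <documentation>
                    Crypto-provider-specific name of hash algorithm to use,
                    turning the decoded result into a simple string.
                </documentation>
            </annotation>
        </attribute>
    </complexType>

    <complexType name="StringAttributeDecoder">
        <annotation>
            <documentation>
                Decoder for attributes with string values.
            </documentation>
        </annotation>
        <complexContent>
            <extension base="am:AttributeDecoderType" />
        </complexContent>
    </complexType>

    <complexType name="ScopedAttributeDecoder">
        <annotation>
            <documentation>
                Decoder for attributes with scoped values.
            </documentation>
        </annotation>
        <complexContent>
            <extension base="am:AttributeDecoderType">
                <attribute name="scopeDelimiter" type="am:string">
                    <annotation>
                        <documentation>
                            The character(s) used to delimit the scoped information from the scope.
                        </documentation>
                    </annotation>
                </attribute>
            </extension>
        </complexContent>
    </complexType>

    <complexType name="NameIDAttributeDecoder">
        <annotation>
            <documentation>
                Decoder for attributes with NameID values.
            </documentation>
        </annotation>
        <complexContent>
            <extension base="am:AttributeDecoderType">
                <attribute name="formatter" type="am:string">
                    <annotation>
                        <documentation>
                            The pattern used to generate string versions of the attribute's values.
                        </documentation>
                    </annotation>
                </attribute>
                <attribute name="defaultQualifiers" type="boolean">
                    <annotation>
                        <documentation>
                            Flag controlling whether to default in values for NameQualifier/SPNameQualifier if not set.
                        </documentation>
                    </annotation>
                </attribute>
            </extension>
        </complexContent>
    </complexType>

    <!-- Extends ScopedAttributeDecoder, so scopeDelimiter is inherited in addition
         to the attributes of AttributeDecoderType. -->
    <complexType name="NameIDFromScopedAttributeDecoder">
        <annotation>
            <documentation>
                Decoder for attributes with scoped values that produces a NameID attribute with
                the scope dropped and the NameQualifiers defaulted.
            </documentation>
        </annotation>
        <complexContent>
            <extension base="am:ScopedAttributeDecoder">
                <attribute name="format" type="am:anyURI">
                    <annotation>
                        <documentation>
                            Value to use as the NameID Format.
                        </documentation>
                    </annotation>
                </attribute>
                <attribute name="defaultQualifiers" type="boolean">
                    <annotation>
                        <documentation>
                            Flag controlling whether to default in values for NameQualifier/SPNameQualifier if not set.
                        </documentation>
                    </annotation>
                </attribute>
                <attribute name="formatter" type="am:string">
                    <annotation>
                        <documentation>
                            The pattern used to generate string versions of the attribute's values.
                        </documentation>
                    </annotation>
                </attribute>
            </extension>
        </complexContent>
    </complexType>

    <!-- KeyInfoResolver is a PluggableType, so its content is not checked by this
         schema. keyInfoHashAlg, like hashAlg on the base type, accepts any
         non-empty string; the schema does not restrict the algorithm. -->
    <complexType name="KeyInfoAttributeDecoder">
        <annotation>
            <documentation>
                Decoder for attributes with ds:KeyInfo values.
            </documentation>
        </annotation>
        <complexContent>
            <extension base="am:AttributeDecoderType">
                <sequence>
                    <element name="KeyInfoResolver" type="am:PluggableType" minOccurs="0"/>
                </sequence>
                <attribute name="hash" type="boolean">
                    <annotation>
                        <documentation>
                            Flag controlling whether to hash keys before base64-encoding them.
                        </documentation>
                    </annotation>
                </attribute>
                <attribute name="keyInfoHashAlg" type="am:string">
                    <annotation>
                        <documentation>
                            Crypto-provider-specific name of hash algorithm to use.
                        </documentation>
                    </annotation>
                </attribute>
            </extension>
        </complexContent>
    </complexType>

    <!-- The decoded value is XML supplied by the asserting party; applications
         that receive it should parse it as untrusted input. -->
    <complexType name="XMLAttributeDecoder">
        <annotation>
            <documentation>
                Decoder for directly serializing XML values.
            </documentation>
        </annotation>
        <complexContent>
            <extension base="am:AttributeDecoderType"/>
        </complexContent>
    </complexType>

    <!-- The sequence allows at most one Mapping child (minOccurs="0", maxOccurs
         defaults to 1). -->
    <complexType name="DOMAttributeDecoder">
        <annotation>
            <documentation>
                Decoder for extracting information from XML values.
            </documentation>
        </annotation>
        <complexContent>
            <extension base="am:AttributeDecoderType">
                <sequence>
                    <element name="Mapping" minOccurs="0">
                        <annotation>
                            <documentation>Optional transform to turn qualified XML names into string names.</documentation>
                        </annotation>
                        <complexType>
                            <attribute name="from" type="QName" use="required"/>
                            <attribute name="to" type="am:string" use="required"/>
                        </complexType>
                    </element>
                </sequence>
                <attribute name="formatter" type="am:string">
                    <annotation>
                        <documentation>
                            The pattern used to generate strings from the XML.
                        </documentation>
                    </annotation>
                </attribute>
            </extension>
        </complexContent>
    </complexType>

    <complexType name="Base64AttributeDecoder">
        <annotation>
            <documentation>
                Decoder for attributes with base64-encoded string values.
            </documentation>
        </annotation>
        <complexContent>
            <extension base="am:AttributeDecoderType" />
        </complexContent>
    </complexType>

</schema>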